PÁSZTOR György wrote:
> Hi!
> 
> "Gabor HALASZ" <halas...@freemail.hu> wrote on 2008-12-16 at 09:13:
>> PÁSZTOR György wrote:
>>> Yes, but the OUTPUT chain is before the routing decision in both the nat and the
>>> mangle tables.
>>>
>> Not according to this:
>>
>> http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-6.html
> This doc is wrong. Now that you have discovered it, send them a bug report! ;-)

I would not take that option, for several reasons; one is point 4 of the howto above:

4. Who the hell are you, and why are you playing with my kernel?

I'm Rusty Russell; the Linux IP Firewall maintainer and just another 
working coder who happened to be in the right place at the right time.

The other reason is the already mentioned network internals book. As a
third, say, the already mentioned traversingoftables FAQ, whose relevant
part I am now copying here as well (only for the order; it is enough even
without the table/chain specification):

3.2 Source local host

1. Local process/application (i.e., server/client program)
2. Routing decision. What source address to use, what outgoing interface 
   to use, and other necessary information that needs to be gathered.
3. This is where we mangle packets, it is suggested that you do not 
filter in this chain since it can have side effects.
4....

3.3 Forwarded packets

1. On the wire (i.e., Internet)
2. Comes in on the interface (i.e., eth0)
3. This chain is normally used for mangling packets, i.e., changing TOS 
and so on.
4. This chain is used for DNAT mainly. SNAT is done further on. Avoid 
filtering in this chain since it will be bypassed in certain cases.
5. Routing decision, i.e., is the packet destined for our local host or 
to be forwarded and where.


-- 
Gabor HALASZ <halas...@freemail.hu>
